DocuSign wants to help you protect yourself from online security threats. Below are several resources designed to do that, including:
Practical advice on how to reduce risk by combating common Internet-themed threats, such as business email compromise, phishing, and brute-force attacks
An overview of controls that you can apply to reduce risk to an acceptable level
Additional video guidance from DocuSign’s security thought leaders
Recommended system and application access best practices
Install anti-virus software and ensure it’s enabled and kept up-to-date. Apply vendor-recommended security patches on a frequent basis.
Public computers/Internet cafes
Exercise caution using public computers. Web browsers can cache personal data and store login details. Always log off websites and clear the browser cache when done using a public computer to protect your personal information, passwords, and accounts.
Safeguard IDs and passwords
Keep your user IDs and passwords safe by following these tips:
Use a strong password that’s difficult for others to guess, and avoid birthdays, names, and pet names
Never write down your password or share it with others
Never provide your DocuSign account login or password, credit card number, or other personal information via email or to unknown parties
Note: DocuSign will never ask you for your password.
Filtering email attachments
Quarantine any emails from the Internet with potentially harmful attachments, such as .zip and .exe file types. The only attachments DocuSign sends in email are PDFs.
In the videos below, you’ll find useful insights on security best practices from DocuSign information security leaders.
Keeping security top of mind
Tom Thokey, DocuSign’s senior director of security consulting, discusses the importance of keeping security top of mind during and after the software development process, as well as other best practices around shipping secure code.
Secure code review includes getting into the “guts of the code”
John Heasman, DocuSign’s senior director of security engineering, gives a deep dive into his workflow for engineering application security, including the challenges, valuable tools, and his code review methodology.
Security innovation: a deep-dive discussion on incident response
Thomas Kinsella, DocuSign’s senior director of security consulting, shares insights on how he and his team runs DocuSign’s Cybersecurity Trust Centre of Excellence Computer Security Incident Response Team (CSIRT), as well as the Trust Center’s business security innovation processes used for threat modelling, database security automation, phishing investigation, and more.